Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
21/10/2023, 21:14
General
-
Target
NEAS.1d776eb8407d64a74a30a3037bf687c0.exe
-
Size
101KB
-
MD5
1d776eb8407d64a74a30a3037bf687c0
-
SHA1
afb442fd4818c54de0fe4c9e08726083ff1e978e
-
SHA256
3ad624858a9fa74dcf964ea9e6715aa2de6f111f76e0910c05cb13e60ebf3315
-
SHA512
85ef6c0d8a8ed8ad5d9b275b44fc36546478985659a15e87ead4c2014439d8576fdf1c2d881510ad24f1f9caf80875074e1f975bc46a2fbd35d637e433c9c5cb
-
SSDEEP
3072:DL1I67A2YvyB/gqlC4jduXqbyu0sY7q5AnrHY4vDX:DL+jALo853Anr44vDX
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.1d776eb8407d64a74a30a3037bf687c0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.1d776eb8407d64a74a30a3037bf687c0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eggmge32.exeC:\Windows\system32\Eggmge32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Edpgli32.exeC:\Windows\system32\Edpgli32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eachem32.exeC:\Windows\system32\Eachem32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fgppmd32.exeC:\Windows\system32\Fgppmd32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fddqghpd.exeC:\Windows\system32\Fddqghpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fahaplon.exeC:\Windows\system32\Fahaplon.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fggfnc32.exeC:\Windows\system32\Fggfnc32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fnaokmco.exeC:\Windows\system32\Fnaokmco.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fgjccb32.exeC:\Windows\system32\Fgjccb32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gekcaj32.exeC:\Windows\system32\Gekcaj32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gnfhfl32.exeC:\Windows\system32\Gnfhfl32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ghklce32.exeC:\Windows\system32\Ghklce32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Goedpofl.exeC:\Windows\system32\Goedpofl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gdbmhf32.exeC:\Windows\system32\Gdbmhf32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gafmaj32.exeC:\Windows\system32\Gafmaj32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ggcfja32.exeC:\Windows\system32\Ggcfja32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gfdfgiid.exeC:\Windows\system32\Gfdfgiid.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gkaopp32.exeC:\Windows\system32\Gkaopp32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hheoid32.exeC:\Windows\system32\Hheoid32.exe20⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hdlpneli.exeC:\Windows\system32\Hdlpneli.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hnfamjqg.exeC:\Windows\system32\Hnfamjqg.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hkjafn32.exeC:\Windows\system32\Hkjafn32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hgabkoee.exeC:\Windows\system32\Hgabkoee.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Idebdcdo.exeC:\Windows\system32\Idebdcdo.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lckiihok.exeC:\Windows\system32\Lckiihok.exe26⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Hnokeqll.exeC:\Windows\system32\Hnokeqll.exe12⤵
-
C:\Windows\SysWOW64\Hheoci32.exeC:\Windows\system32\Hheoci32.exe13⤵
-
C:\Windows\SysWOW64\Hfklamii.exeC:\Windows\system32\Hfklamii.exe14⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hgliie32.exeC:\Windows\system32\Hgliie32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hocqkc32.exeC:\Windows\system32\Hocqkc32.exe16⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ihlechfj.exeC:\Windows\system32\Ihlechfj.exe17⤵
-
C:\Windows\SysWOW64\Iofmpb32.exeC:\Windows\system32\Iofmpb32.exe18⤵
-
C:\Windows\SysWOW64\Ibdiln32.exeC:\Windows\system32\Ibdiln32.exe19⤵
-
C:\Windows\SysWOW64\Idbfhiko.exeC:\Windows\system32\Idbfhiko.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iohjebkd.exeC:\Windows\system32\Iohjebkd.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iiqooh32.exeC:\Windows\system32\Iiqooh32.exe22⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iojgkbib.exeC:\Windows\system32\Iojgkbib.exe23⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ibicgmhe.exeC:\Windows\system32\Ibicgmhe.exe24⤵
-
C:\Windows\SysWOW64\Iickdgpb.exeC:\Windows\system32\Iickdgpb.exe25⤵
-
C:\Windows\SysWOW64\Iomcqa32.exeC:\Windows\system32\Iomcqa32.exe26⤵
-
C:\Windows\SysWOW64\Ibkpmm32.exeC:\Windows\system32\Ibkpmm32.exe27⤵
-
C:\Windows\SysWOW64\Ighhed32.exeC:\Windows\system32\Ighhed32.exe28⤵
-
C:\Windows\SysWOW64\Ifihckmi.exeC:\Windows\system32\Ifihckmi.exe29⤵
-
C:\Windows\SysWOW64\Jbpihlbn.exeC:\Windows\system32\Jbpihlbn.exe30⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jenedhaa.exeC:\Windows\system32\Jenedhaa.exe31⤵
-
C:\Windows\SysWOW64\Jkhnab32.exeC:\Windows\system32\Jkhnab32.exe32⤵
-
C:\Windows\SysWOW64\Jngjmm32.exeC:\Windows\system32\Jngjmm32.exe33⤵
-
C:\Windows\SysWOW64\Jfnbnk32.exeC:\Windows\system32\Jfnbnk32.exe34⤵
-
C:\Windows\SysWOW64\Kgfdfbhj.exeC:\Windows\system32\Kgfdfbhj.exe35⤵
-
C:\Windows\SysWOW64\Kpmlhoil.exeC:\Windows\system32\Kpmlhoil.exe36⤵
-
C:\Windows\SysWOW64\Kblidkhp.exeC:\Windows\system32\Kblidkhp.exe37⤵
-
C:\Windows\SysWOW64\Kfgddi32.exeC:\Windows\system32\Kfgddi32.exe38⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Aagkhd32.exeC:\Windows\system32\Aagkhd32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Apmhiq32.exeC:\Windows\system32\Apmhiq32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aggpfkjj.exeC:\Windows\system32\Aggpfkjj.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bhkfkmmg.exeC:\Windows\system32\Bhkfkmmg.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bpfkpp32.exeC:\Windows\system32\Bpfkpp32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cdmfllhn.exeC:\Windows\system32\Cdmfllhn.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cocjiehd.exeC:\Windows\system32\Cocjiehd.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dhphmj32.exeC:\Windows\system32\Dhphmj32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dgeenfog.exeC:\Windows\system32\Dgeenfog.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dakikoom.exeC:\Windows\system32\Dakikoom.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dggbcf32.exeC:\Windows\system32\Dggbcf32.exe11⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dnajppda.exeC:\Windows\system32\Dnajppda.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dhgonidg.exeC:\Windows\system32\Dhgonidg.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dhikci32.exeC:\Windows\system32\Dhikci32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Enfckp32.exeC:\Windows\system32\Enfckp32.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Edplhjhi.exeC:\Windows\system32\Edplhjhi.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eoepebho.exeC:\Windows\system32\Eoepebho.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eohmkb32.exeC:\Windows\system32\Eohmkb32.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Edgbii32.exeC:\Windows\system32\Edgbii32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Enpfan32.exeC:\Windows\system32\Enpfan32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eiekog32.exeC:\Windows\system32\Eiekog32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbmohmoh.exeC:\Windows\system32\Fbmohmoh.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Foapaa32.exeC:\Windows\system32\Foapaa32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fgmdec32.exeC:\Windows\system32\Fgmdec32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbbicl32.exeC:\Windows\system32\Fbbicl32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fkjmlaac.exeC:\Windows\system32\Fkjmlaac.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fecadghc.exeC:\Windows\system32\Fecadghc.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fohfbpgi.exeC:\Windows\system32\Fohfbpgi.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Feenjgfq.exeC:\Windows\system32\Feenjgfq.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Galoohke.exeC:\Windows\system32\Galoohke.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ganldgib.exeC:\Windows\system32\Ganldgib.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gghdaa32.exeC:\Windows\system32\Gghdaa32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gnblnlhl.exeC:\Windows\system32\Gnblnlhl.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Geldkfpi.exeC:\Windows\system32\Geldkfpi.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gndick32.exeC:\Windows\system32\Gndick32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ggmmlamj.exeC:\Windows\system32\Ggmmlamj.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gaebef32.exeC:\Windows\system32\Gaebef32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hlkfbocp.exeC:\Windows\system32\Hlkfbocp.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hlmchoan.exeC:\Windows\system32\Hlmchoan.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hajkqfoe.exeC:\Windows\system32\Hajkqfoe.exe40⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hpkknmgd.exeC:\Windows\system32\Hpkknmgd.exe41⤵
-
C:\Windows\SysWOW64\Hhfpbpdo.exeC:\Windows\system32\Hhfpbpdo.exe42⤵
-
C:\Windows\SysWOW64\Hnphoj32.exeC:\Windows\system32\Hnphoj32.exe43⤵
-
C:\Windows\SysWOW64\Hhimhobl.exeC:\Windows\system32\Hhimhobl.exe44⤵
-
C:\Windows\SysWOW64\Hbnaeh32.exeC:\Windows\system32\Hbnaeh32.exe45⤵
-
C:\Windows\SysWOW64\Ilfennic.exeC:\Windows\system32\Ilfennic.exe46⤵
-
C:\Windows\SysWOW64\Ibqnkh32.exeC:\Windows\system32\Ibqnkh32.exe47⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ipdndloi.exeC:\Windows\system32\Ipdndloi.exe48⤵
-
C:\Windows\SysWOW64\Iimcma32.exeC:\Windows\system32\Iimcma32.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iojkeh32.exeC:\Windows\system32\Iojkeh32.exe50⤵
-
C:\Windows\SysWOW64\Ihbponja.exeC:\Windows\system32\Ihbponja.exe51⤵
-
C:\Windows\SysWOW64\Iolhkh32.exeC:\Windows\system32\Iolhkh32.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iialhaad.exeC:\Windows\system32\Iialhaad.exe53⤵
-
C:\Windows\SysWOW64\Ibjqaf32.exeC:\Windows\system32\Ibjqaf32.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jhgiim32.exeC:\Windows\system32\Jhgiim32.exe55⤵
-
C:\Windows\SysWOW64\Jemfhacc.exeC:\Windows\system32\Jemfhacc.exe56⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jpbjfjci.exeC:\Windows\system32\Jpbjfjci.exe57⤵
-
C:\Windows\SysWOW64\Johggfha.exeC:\Windows\system32\Johggfha.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jeapcq32.exeC:\Windows\system32\Jeapcq32.exe59⤵
-
C:\Windows\SysWOW64\Jpgdai32.exeC:\Windows\system32\Jpgdai32.exe60⤵
-
C:\Windows\SysWOW64\Khbiello.exeC:\Windows\system32\Khbiello.exe61⤵
-
C:\Windows\SysWOW64\Kefiopki.exeC:\Windows\system32\Kefiopki.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Keifdpif.exeC:\Windows\system32\Keifdpif.exe63⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kcmfnd32.exeC:\Windows\system32\Kcmfnd32.exe64⤵
-
C:\Windows\SysWOW64\Kcoccc32.exeC:\Windows\system32\Kcoccc32.exe65⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kiikpnmj.exeC:\Windows\system32\Kiikpnmj.exe66⤵
-
C:\Windows\SysWOW64\Lepleocn.exeC:\Windows\system32\Lepleocn.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lpepbgbd.exeC:\Windows\system32\Lpepbgbd.exe68⤵
-
C:\Windows\SysWOW64\Lafmjp32.exeC:\Windows\system32\Lafmjp32.exe69⤵
-
C:\Windows\SysWOW64\Lhqefjpo.exeC:\Windows\system32\Lhqefjpo.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lpgmhg32.exeC:\Windows\system32\Lpgmhg32.exe71⤵
-
C:\Windows\SysWOW64\Ledepn32.exeC:\Windows\system32\Ledepn32.exe72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lpjjmg32.exeC:\Windows\system32\Lpjjmg32.exe73⤵
-
C:\Windows\SysWOW64\Lchfib32.exeC:\Windows\system32\Lchfib32.exe74⤵
-
C:\Windows\SysWOW64\Lhenai32.exeC:\Windows\system32\Lhenai32.exe75⤵
-
C:\Windows\SysWOW64\Lckboblp.exeC:\Windows\system32\Lckboblp.exe76⤵
-
C:\Windows\SysWOW64\Ljdkll32.exeC:\Windows\system32\Ljdkll32.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Loacdc32.exeC:\Windows\system32\Loacdc32.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Modpib32.exeC:\Windows\system32\Modpib32.exe79⤵
-
C:\Windows\SysWOW64\Mlhqcgnk.exeC:\Windows\system32\Mlhqcgnk.exe80⤵
-
C:\Windows\SysWOW64\Mcaipa32.exeC:\Windows\system32\Mcaipa32.exe81⤵
-
C:\Windows\SysWOW64\Mjlalkmd.exeC:\Windows\system32\Mjlalkmd.exe82⤵
-
C:\Windows\SysWOW64\Mjnnbk32.exeC:\Windows\system32\Mjnnbk32.exe83⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mbibfm32.exeC:\Windows\system32\Mbibfm32.exe84⤵
-
C:\Windows\SysWOW64\Mqjbddpl.exeC:\Windows\system32\Mqjbddpl.exe85⤵
-
C:\Windows\SysWOW64\Nhegig32.exeC:\Windows\system32\Nhegig32.exe86⤵
-
C:\Windows\SysWOW64\Njedbjej.exeC:\Windows\system32\Njedbjej.exe87⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ncmhko32.exeC:\Windows\system32\Ncmhko32.exe88⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Njgqhicg.exeC:\Windows\system32\Njgqhicg.exe89⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nmfmde32.exeC:\Windows\system32\Nmfmde32.exe90⤵
-
C:\Windows\SysWOW64\Nbbeml32.exeC:\Windows\system32\Nbbeml32.exe91⤵
-
C:\Windows\SysWOW64\Nimmifgo.exeC:\Windows\system32\Nimmifgo.exe92⤵
-
C:\Windows\SysWOW64\Ncbafoge.exeC:\Windows\system32\Ncbafoge.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ocdnln32.exeC:\Windows\system32\Ocdnln32.exe94⤵
-
C:\Windows\SysWOW64\Ommceclc.exeC:\Windows\system32\Ommceclc.exe95⤵
-
C:\Windows\SysWOW64\Ofegni32.exeC:\Windows\system32\Ofegni32.exe96⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oifppdpd.exeC:\Windows\system32\Oifppdpd.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ockdmmoj.exeC:\Windows\system32\Ockdmmoj.exe98⤵
-
C:\Windows\SysWOW64\Oihmedma.exeC:\Windows\system32\Oihmedma.exe99⤵
-
C:\Windows\SysWOW64\Pimfpc32.exeC:\Windows\system32\Pimfpc32.exe100⤵
-
C:\Windows\SysWOW64\Piocecgj.exeC:\Windows\system32\Piocecgj.exe101⤵
-
C:\Windows\SysWOW64\Pcegclgp.exeC:\Windows\system32\Pcegclgp.exe102⤵
-
C:\Windows\SysWOW64\Piapkbeg.exeC:\Windows\system32\Piapkbeg.exe103⤵
-
C:\Windows\SysWOW64\Pplhhm32.exeC:\Windows\system32\Pplhhm32.exe104⤵
-
C:\Windows\SysWOW64\Pidlqb32.exeC:\Windows\system32\Pidlqb32.exe105⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ppnenlka.exeC:\Windows\system32\Ppnenlka.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pblajhje.exeC:\Windows\system32\Pblajhje.exe107⤵
-
C:\Windows\SysWOW64\Pmbegqjk.exeC:\Windows\system32\Pmbegqjk.exe108⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qbonoghb.exeC:\Windows\system32\Qbonoghb.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qbajeg32.exeC:\Windows\system32\Qbajeg32.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qjhbfd32.exeC:\Windows\system32\Qjhbfd32.exe111⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Abcgjg32.exeC:\Windows\system32\Abcgjg32.exe112⤵
-
C:\Windows\SysWOW64\Apggckbf.exeC:\Windows\system32\Apggckbf.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Apjdikqd.exeC:\Windows\system32\Apjdikqd.exe114⤵
-
C:\Windows\SysWOW64\Afcmfe32.exeC:\Windows\system32\Afcmfe32.exe115⤵
-
C:\Windows\SysWOW64\Aidehpea.exeC:\Windows\system32\Aidehpea.exe116⤵
-
C:\Windows\SysWOW64\Bmbnnn32.exeC:\Windows\system32\Bmbnnn32.exe117⤵
-
C:\Windows\SysWOW64\Bdocph32.exeC:\Windows\system32\Bdocph32.exe118⤵
-
C:\Windows\SysWOW64\Bdcmkgmm.exeC:\Windows\system32\Bdcmkgmm.exe119⤵
-
C:\Windows\SysWOW64\Cajjjk32.exeC:\Windows\system32\Cajjjk32.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ckbncapd.exeC:\Windows\system32\Ckbncapd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-